Passwords are insecure (programming.dev)
[-] DudeDudenson@lemmings.world 128 points 2 months ago

If you think about it, the last option is a way to log in via 2FA.

[-] Redacted@lemmy.world 81 points 2 months ago

Nah it's just SFA with extra steps.

[-] redcalcium@lemmy.institute 23 points 2 months ago

Magic link login with extra steps

[-] VeganCheesecake@lemmy.blahaj.zone 43 points 2 months ago

But you only need one factor, access to your inbox?

[-] neidu2@feddit.nl 38 points 2 months ago* (last edited 2 months ago)

So it's more like SSO authentication

[-] r00ty@kbin.life 67 points 2 months ago

It's all good until you get into a dependency loop with your email account's password needing resetting, which has the email from the other account that needs resetting :P

[-] darkpanda@lemmy.ca 33 points 2 months ago

That’s easy, just create new accounts every time you log in.

[-] Corkyskog@sh.itjust.works 6 points 2 months ago

And everything is done in Tails.

[-] CileTheSane@lemmy.ca 49 points 2 months ago

If websites could just remind me on the login screen what their password requirements are, that would help me a LOT.

So many times I start going through the "forgot my password" steps and then when I see the password requirements are "at least 10 characters long with 2 unique symbols" I remember what it was and can go back and log in.

[-] ManniSturgis@lemmy.zip 47 points 2 months ago

Or just use a password manager and solve that problem yourself right now forever.

[-] Jyek@sh.itjust.works 24 points 2 months ago

But don't use LastPass, they are the most popular, and with the largest breach history. In fact, if you are capable of the admittedly high bar of self-hosting, use Bitwarden instead.

[-] CileTheSane@lemmy.ca 12 points 2 months ago

But don’t use lastpass, they are the most popular, and with the largest breach history.

This is exactly why I don't want to use a password manager. Storing all my passwords in one place online doesn't exactly sound secure.

[-] a_wild_mimic_appears@lemmy.dbzer0.com 6 points 2 months ago* (last edited 2 months ago)

I would rather recommend using KeePassXC, and storing and syncing the database with your other devices using Syncthing. Super easy to set up, and works flawlessly with my PC and my phone.

KeePassXC has nice features like global autotype btw, so for webpages I can insert my payment information with one hotkey. No need to save your CC in your browser.

[-] wahming@monyet.cc 12 points 2 months ago

Why? Bitwarden has a free tier you don't have to self-host.

[-] scytale@lemm.ee 49 points 2 months ago

There was one time I was traveling and had to reset one of my passwords. It sent a verification code via email, but my email provider wouldn’t let me log in because I was in a different country I’d never been to before. So it was a train of recovery processes to reset my password on a single account.

[-] ModsAreCopsACAB@lemm.ee 14 points 2 months ago

I can smell the Linux crowd rushing to suggest a better method.

[-] cmnybo@discuss.tchncs.de 4 points 2 months ago

Run a VPN server at home, any decent router should be able to run one. Then you can be anywhere in the world and every site will still think you are at home.

[-] some_guy@lemmy.sdf.org 39 points 2 months ago

We have the worst password policy I’ve ever dealt with at my current employer.

[-] cisco87@programming.dev 44 points 2 months ago

Create a new account every time?

[-] TexasDrunk@lemmy.world 24 points 2 months ago

Change password every day, and the required password length and complexity increases each time you change your password.

[-] idunnololz@lemmy.world 23 points 2 months ago

Password game irl

[-] 30p87@feddit.de 7 points 2 months ago

My bank has, for being a bank, very, very bad character support. Best thing is, I'm basically gonna work for that bank.

[-] Karyoplasma@discuss.tchncs.de 15 points 2 months ago

For years my bank only allowed numerical passwords. The maximum length was 8.

They changed it somewhat recently.

[-] marine_mustang@sh.itjust.works 9 points 2 months ago

But they had a strict lockout policy, right? Right?

[-] BallsandBayonets@lemmy.world 6 points 2 months ago

My employer's software has us log in with just our password, no username. I don't know exactly what's going on in the backend, but I know I don't like it.

[-] psycho_driver@lemmy.world 6 points 2 months ago

The highly regarded password policy of my last employer was one of the many things that pushed me over the edge and made me leave for greener pastures. I had to manage something like 9 different passwords, with the main one having changed to 16 chars min with all of the usual number/symbol/CAP requirements.

[-] RGB3x3@lemmy.world 39 points 2 months ago

The big brain move is going to reset your password, getting told you can't use your current password when you type in a "new" one, then going back to the login screen to log in.

[-] Alexstarfire@lemmy.world 12 points 2 months ago

And have the password still not work.

[-] Xatolos@reddthat.com 20 points 2 months ago

Forgot to add "Add a comma in your password, so if all the user logins get leaked, it will destroy the CSV file it gets uploaded to".

[-] OneBeer@lemm.ee 7 points 2 months ago

It won't destroy the .csv file, but your (below standard) client might have issues reading it. That woman from The Office knows those are not the same thing.

[-] nailbar@sopuli.xyz 6 points 2 months ago

Add a drop table statement to it while you're at it

[-] Omega_Haxors@lemmy.ml 18 points 2 months ago

Step 1) Activate 2-Factor authentication

Step 2) Authentication system fucks up

Step 3) Locked out of your own account

True story. x2

[-] RedWeasel@lemmy.world 15 points 2 months ago

There is also: use a password manager and reset the password every time because the site blocks them and locks it out.

[-] VeganCheesecake@lemmy.blahaj.zone 29 points 2 months ago

I have relatively long passwords, because why not, and had problems with pages restricting the number of characters you can enter in the login window, but not the registration window. Or restricting password length and cutting your password off, but not telling you about it, so you gotta figure out that they set the first 30 characters of the saved password as your password.

Always fun to deal with. I could make it a lot easier for me by just using shorter passwords, but I think deep down I'm a masochist.

[-] CoggyMcFee@lemmy.world 26 points 2 months ago

The worst version of this I’ve ever seen is a site that enforced a password policy on the “current password” field on the “change password” interface. I had an existing password that violated their policy (either because they changed the policy or a technician created a “temporary” password for me, I forget), and I could not change it to a proper password because my current password would get rejected.

[-] Sagar@sopuli.xyz 14 points 2 months ago

Sign a random string with your private key to be verified by a public key on the server.

[-] 4am@lemm.ee 7 points 2 months ago

You’re describing Passkeys/WebAuthn.

[-] Corno@lemm.ee 13 points 2 months ago

Whenever I feel that my passwords are insecure, I offer them a few encouraging words.

[-] RootBeerGuy@discuss.tchncs.de 7 points 2 months ago

Hey, unrelated question, what's the mother's maiden name of your password?

[-] Corno@lemm.ee 5 points 2 months ago

If I told you, then my password would be insecure. You see, that's a sensitive case for them.

[-] dan@upvote.au 12 points 2 months ago

For any self-hosted services you use, run something like Authentik and configure all the apps to use it for auth via OIDC (OpenID Connect). Makes the experience a lot nicer, instead of every service having its own separate user system.

[-] BurpBlog@lemmy.world 9 points 2 months ago

Bitwarden is your friend.

[-] Rooskie91@discuss.online 5 points 2 months ago

Ah yes, they'll never obtain my password if not even I know it.

this post was submitted on 05 Apr 2024
1117 points (98.8% liked)

Programmer Humor
